Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client, exploitable via a DNS rebinding attack, which he explains nicely.
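The defensive side of that story, as an added example that is not from the newsletter or from Transmission's own code: a DNS rebinding attack works because the browser will happily send a request to 127.0.0.1 once the attacker's hostname resolves there, but the request still carries the attacker's name in the Host header. A loopback-only RPC service that accepts only Host values naming the local machine is the standard mitigation for that class of attack. The port (9091) and the allowed-host set are assumptions for illustration.

```python
# Added example (not from the newsletter or from Transmission): a loopback-only
# HTTP RPC service that refuses requests whose Host header does not name the
# local machine. Under DNS rebinding, the browser sends "Host: attacker.example"
# to the local service; a service that only recognises local Host values
# answers such requests with an error instead of executing the RPC.
from http.server import BaseHTTPRequestHandler, HTTPServer
import ipaddress

# Assumption: the service is only ever reached as localhost. A LAN deployment
# would add its own hostname/address here (never a wildcard).
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}


def split_host_port(host_header: str) -> str:
    """Return the host part of a Host header value, dropping any :port suffix.

    Handles bracketed IPv6 literals such as "[::1]:9091".  A malformed
    bracketed value yields "" so that it is treated as an unknown host.
    """
    host = host_header.strip()
    if host.startswith("["):
        end = host.find("]")
        if end == -1:
            return ""
        return host[1:end]
    # Exactly one colon means "name:port"; an unbracketed IPv6 literal has
    # several colons and is left untouched (it is invalid in a Host header
    # with a port anyway, so nothing is lost).
    if host.count(":") == 1:
        host = host.rsplit(":", 1)[0]
    return host


def host_is_allowed(host_header, allowed=ALLOWED_HOSTS) -> bool:
    """True only when the Host header names this machine.

    A missing or empty Host header is rejected: an HTTP/1.1 client always sends
    one, so its absence is itself a sign of a non-browser or crafted request.
    """
    if host_header is None:
        return False
    host = split_host_port(host_header).lower().rstrip(".")
    if not host:
        return False
    if host in allowed:
        return True
    # Accept any loopback IP literal (e.g. 127.0.0.5), not just 127.0.0.1.
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


class RpcHandler(BaseHTTPRequestHandler):
    """Minimal RPC endpoint that applies the Host check before doing anything."""

    def do_POST(self):
        if not host_is_allowed(self.headers.get("Host")):
            # 421 Misdirected Request: this request was not meant for us.
            self.send_error(421, "Host header not recognised")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok")


if __name__ == "__main__":
    # Bind to loopback only; the Host check is the second layer of defence,
    # because a bound-to-loopback socket alone does not stop rebinding.
    HTTPServer(("127.0.0.1", 9091), RpcHandler).serve_forever()
```

Binding the socket to 127.0.0.1 is necessary but not sufficient: the rebinding request genuinely arrives from the local browser on the loopback interface, so only the Host (or Origin) header distinguishes it from a legitimate local client. Keep the allowed set explicit; a suffix match or wildcard reopens the hole.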
BlackWallet, an online wallet for the Stellar cryptocurrency, was hacked. The attacker took control of its DNS records and pointed the domain at an identical copy of the site, which siphoned off your coins as soon as you entered your private key. About $425,000 was stolen.
The usual wisdom is that once someone has physical access to your device, you're done for anyway. But this deserves a heads-up: if you have Intel AMT enabled, make sure you change the BIOS Extension (MEBx) password from its default 'admin', which apparently most people don't. A malicious person with physical access can compromise your machine in under 30 seconds, bypassing the BIOS password, BitLocker encryption, etc., and open up your device for remote login.
Most of them allow remote exploitation, so get those updates going.
Also, make sure your older patches are applied too. A bunch of attacks are underway in which unpatched Oracle PeopleSoft and WebLogic servers are compromised to mine Monero.
The backdoor was introduced 14 years ago at Nortel Networks, which was eventually bought by Lenovo. It has now been discovered by Lenovo themselves. Fortunately, the backdoor only opens under very strict and rare conditions.
If you run an enterprise G Suite account, this will make you happy. It's a dashboard showing things like the number of documents being shared, insecure e-mail settings, the volume of inbound spam/phishing, etc.
Bad guys getting caught
Always good to know that not everyone gets away with malicious stuff.
There were quite a few arrests/indictments this week, so I figured I'd group them up:
- The creator of the FruitFly Mac malware, which ran for 13 years: link
- A hacker who was part of the 'Fappening': link
- The creator of both Cryptex (a service that scrambles binaries so antivirus doesn't detect them) and reFUD.me (a service to test whether antivirus detects your malware): link
- The operator of LeakedSource, a service where you paid for access to uncensored data dumps of user information: link
This might be fun to play around with: you can create your own mock malware that behaves like the real thing, just without the actual damage, and see whether your defences hold.
Cool research exploring the use of open DNS resolvers' caches to store files, dubbed DNSFS :-)
Integrating web application security into the SDLC has become really important. Businesses push new code to production multiple times a day, so it is vital that security flaws are identified at the source. Listen to Paul's Security Weekly podcast discussing this, scaling up web application security, time management for penetration testers, and more.